Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-007364

sonatype-2025-007364

Malicious Packages - Mon Dec 01 2025 [Info Stealer]

Published Dec 1, 2025

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-191501.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192073.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192108.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192154.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192553.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192797.json

CVSS ScoreMedium

5.3

Ecosystem	Package	Version


npm	abrhide	0.0.1-security
npm	abrhide	3.1.22
npm	camscanner-seo	999.0.0
npm	cms_comp	999.0.0
npm	cms_comp	999.0.1
npm	cms_comp	999.0.9
npm	cms_comp_popup	999.0.0
npm	cms_comp_static	999.0.0
npm	cos-js-sdk-v6	999.0.0
npm	ddxq_cms_tools	999.0.0
npm	elf-stats-joyous-toy-475	1.2.0
npm	elf-stats-northbound-wishlist-684	1.0.0
npm	elf-stats-sparkly-cocoa-863	1.0.0
npm	eslint-config-zoo	999.0.0
npm	fe-cdnpath-transform	999.0.0
npm	jz-native-js-bridge	114.5.14
npm	jz-ui-user	999.0.0
npm	jz-user-js-bridge	999.0.0
npm	old-hd-keyring	0.0.1-security
npm	old-hd-keyring	2.0.0
npm	pp-js-lib	999.0.0
npm	sd-pay	999.0.0
npm	sd-pay-ts	999.0.0
npm	sdbao-content-report	999.0.0
npm	sdbao-content-sems	999.0.0
npm	uba-plugins	999.0.0
npm	wds-icons	0.0.1-security
npm	wds-icons	1.0.0

sonatype-2025-007364 | Components Impacted | Sonatype Guide | Sonatype Guide